Working under a limited access environment with chroot jail

Image

For normal users of a GNU/Linux system, chroot command may not be quite familiar to them. Whereas explanation is totally unnecessary for people working at the server side. The term jail is used in the sense to convey the concept of limited access. chroot is commonly used to run command or interactive shell with special root directory. On installing a GNU/Linux system / is the root directory and all the programs are rooted at /. All files are accessible inside / and not from outside. Without changing the current situation we now tend to create another environment whose root directory some place other than /. This new root directory can be defined using the chroot command. For establishing such an environment first we need to find/create a empty directory as the new root directory. For instance, suppose /home/user/jail is our new root. Now,
Get into the directory
$cd /home/user/jail
Create a subdirectory named bin
$mkdir bin
Copy /bin/bash to newly created bin directory
$sudo cp /bin/bash bin/
Run as root
#chroot .
You will get an error like ‘chroot: failed to run command `/bin/bash’: No such file or directory’. This is because the dependent libraries for bash are not yet loaded to the new environment. Let’s do it now. But how to calculate the necessary libraries? Issue the following command
#ldd bin/bash
linux-vdso.so.1 => (0x00007fffe3fff000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f4a171ea000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f4a16fe6000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4a16c26000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4a17427000)
These are the required libraries except the first one. Copy those libraries also to respective directories. So create two directories lib and lib64
$mkdir lib lib64
$sudo cp /lib/x86_64-linux-gnu/{libtinfo.so.5,libdl.so.2,libc.so.6} lib
$sudo cp /lib64/ld-linux-x86-64.so.2 lib64
Run as root
#chroot .
bash-4.2#
This is the new working environment. Only the shell built-in commands are available at present. You need to copy each and every required command along with its libraries in order to execute those in the current environment. At last, you are in the chroot jail.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s